CVE-2021-41596

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41596

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41596.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-41596

Aliases

BIT-suitecrm-2021-41596

Withdrawn

2024-05-08T06:51:37.167152Z

Published

2021-10-04T17:15:08Z

Modified

2023-12-06T00:46:34.923547Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

SuiteCRM before 7.10.33 and 7.11.22 allows information disclosure via Directory Traversal. An attacker can partially include arbitrary files via the importFile parameter of the RefreshMapping import functionality.

References

Affected packages

Git / github.com/salesagility/suitecrm

Affected ranges

Type: GIT
Repo: https://github.com/salesagility/suitecrm
Events: Introduced

80e9e484f7c00340a67a65efbf82aca2e3d5d141

Fixed

b231a3246e156fb454b4f4aae1bdb6c36bb31cce

Affected versions

v7.*

v7.10.13

v7.10.14

v7.10.15

v7.10.16

v7.10.17

v7.10.18

v7.10.19

v7.10.20

v7.10.21

v7.10.22

v7.10.23

v7.11.0

v7.11.1

v7.11.10

v7.11.11

v7.11.12

v7.11.13

v7.11.14

v7.11.15

v7.11.16

v7.11.17

v7.11.18

v7.11.19

v7.11.2

v7.11.20

v7.11.21

v7.11.3

v7.11.4

v7.11.5

v7.11.6

v7.11.7

v7.11.8

v7.11.9